Handling and storing data safely
In your volunteering, you'll often hold data on Christian Aid supporters: for example the names and addresses of your collectors.
As a Christian Aid volunteer, it's vital you keep this information safe and abide by the UK General Data Protection Regulation (UK GDPR, 2018) regulations. While this might sound intimidating at a first, much of the guidance is common-sense based. This page is designed to guide you through the key points.
How do I know if I hold data?
Data protection covers any personal information about an individual. For people you phone, email or post information to about Christian Aid, you are most likely to have their names, address, contact number and email address, and this data needs to be protected. Likewise, if you are storing completed Gift Aid slips or a sponsorship forms, these too will hold individuals' personal data and needs to be kept securely.
Whose details should I be recording?
If you are organising an event within your own church and contacting church members as you would normally do for an event in your church, then you can continue as normal. Examples might be a coffee morning, soup lunch, collection or announcement during a service.
If you are working within your own church, but are collecting and holding data, or organising an event Christian Aid has asked you to organise, you will need to make sure you follow our guidelines. Examples may be collecting details of house-to-house collectors, using sponsorship forms, or running an exhibition with Christian Aid staff.
If you are working with people from other churches or those outside of your own church, you will also need to make sure you follow our guidelines. Examples may be working in a Christian Aid group or running a joint event with a local church.
How can I securely store data?
It is important to make sure that the data you are collecting is stored securely so that it cannot be accessed by unauthorised persons. Here are some ways you can help ensure you are keeping personal data safe:
- Ensuring notebooks/address books containing personal data are kept in a lock draw or filing cabinet.
- Protecting your phone, tablet, computer, etc. With a strong password, fingerprint or face ID.
- Saving files containing personal data on password protected drive that can be locked away or by password protecting the files themselves.
UK GDPR Responsibility Summary for Christian Aid Volunteers
As a volunteer for a charity, you have an important role in helping to ensure that Christian Aid complies with the UK General Data Protection Regulation (UK GDPR). This regulation sets guidelines for how personal data should be handled, protected, and used. Below is a summary of your responsibilities under the UK GDPR:
Confidentiality: You must keep all personal data you access confidential. Do not share or disclose any personal information about another supporter, volunteer, donor or colleagues unless authorised to do so.
Data Protection: You are required to handle personal data carefully and in accordance with the charity’s data protection policies. Ensure that data you hold is accurate, kept up-to-date and securely stored.
Use of Data: Only use personal data for the specific purposes it was collected for. If you are unsure about the purpose, ask your Church Engagement and Fundraising Officer or contact Christian Aid.
Data Minimisation: Only collect or access the personal data that is necessary for your task. Do not gather or store information that is not relevant.
Data Security: Ensure that any personal data you handle is protected from unauthorised access, loss, or damage, this includes Gift Aid slips, campaign petition sheets and sponsorship forms before you return them to Christian Aid, as well as contact details for your volunteers. If you’re holding data digitally, please make sure devices and systems are secure, and use strong passwords.
Reporting Breaches: If you suspect a data breach (e.g., loss or unauthorized access to personal data), you must report it immediately.
Rights of Individuals: Be aware that individuals whose data you handle have certain rights under the UK GDPR, such as the right to access their data, the right to rectification, and the right to erasure. If a person makes a request regarding their personal data, please can you pass their request onto Christian Aid using the contact details below: